package com.yjkf.zh.admin.security;

import com.yjkf.zh.admin.util.PasswordEncoder;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;

public class JwtAuthenticationProvider extends DaoAuthenticationProvider {

    public JwtAuthenticationProvider(UserDetailsService userDetailsService){
        setUserDetailsService(userDetailsService);
    }

    /**
     * 做密码比较
     * @param userDetails
     * @param authentication
     * @throws AuthenticationException
     */
    @Override
    protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
       if(authentication.getCredentials() == null){
           logger.debug("Authentication failed: no credentials provided");
           throw new BadCredentialsException(
                   messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials","Bad credentials")
           );
       }
       String presentedPassword = authentication.getCredentials().toString();
       String salt = ((JwtUserDetails)userDetails).getSalt();
       if(!new PasswordEncoder(salt).matches(userDetails.getPassword(),presentedPassword)){     //定义自己的密码验证逻辑
           logger.debug("Authentication failed: password does not match");
           throw new BadCredentialsException(messages.getMessage(
                   "AbstractUserDetailsAuthenticationProvider.badCredentials","Bad credentials"
           ));
       }
    }
}
